How not to design a wire protocol

Eric S. Raymond esr at thyrsus.com
Tue Mar 5 18:52:36 UTC 2019


Daniel Franke <dfoxfranke at gmail.com>:
> On Tue, Mar 5, 2019 at 7:21 AM Eric S. Raymond <esr at thyrsus.com> wrote:
> > You yourself advocated that Mode 6 ought to be replaced by an HTTP
> > service on TCP port 123. I think that's a good idea, if we can do
> > it. The problem is that NTS-KE *also* wants to have TCP 123.
> 
> Like Hal pointed out, ALPN makes this a non-issue.

I can see where it might. Still learning about it, want to see it work.

>                                                    But what gave you
> the idea that NTS-KE wants 123/tcp? There's been some back-and-forth
> on this in the WG but I've been advocating against using 123 because
> NTS-KE is explicitly not specific to NTP and can be extended to
> provide similar negotiation mechanisms for other protocols.

Hm.  This is my mistake.  It was Hal who put the service on port 123.

And that does make sense with NTS-KE deployed inboard of ntpd.  I hope
the RFC will allow this option; it will simplify deployment a lot.

If you end up going with a non-123 port number, I request that the RFC
allow use on other ports when and if ALPN is available and specify
the ALPN tag to be used.

> Regardless, it's just a number and makes no technical difference.

I disagree.  New firewall holes are difficult, practically if not
theoretically.
-- 
		Eric S. Raymond <http://www.catb.org/~esr/>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.



